chore(release): bump workspace versions to 0.9.1 (#113)

* chore(release): bump workspace versions to 0.9.1

Patch release covering bug fixes accumulated since v0.9.0:

- fix(docx-core): merge auxiliary parts in rebuild mode (#94, #101)
- fix(docx-core): emit paragraph-level markers outside <w:r> on rebuild (#109)
- fix(docx-core): preserve reply comments in rebuild mode (#108, #112)
- test(docx-mcp): harden vitest path allowlist against /tmp symlink topology (#105)
- ci: SHA-pin all GitHub Actions, add dependency review and Dependabot
- ci: fix PR title check for acronyms and fork PRs (#88)
- chore(skills): sync docx-editing to 0.3.0 (#95)

Generated via scripts/bump_version.mjs.

* fix(docx-mcp): declare @xmldom/xmldom dependency explicitly

The bumped package-lock.json regenerated cleanly and exposed a latent
bug: docx-mcp directly imports @xmldom/xmldom in tag_parser.ts but did
not declare it as a dependency. It was previously masked by npm
hoisting from docx-core's transitive dep — the workspace happened to
work because the lockfile carried a stale hoisted xmldom@0.8.11.

Pinning to ^0.8.11 (matching what was already running in production via
the silent hoist) preserves observable behavior. tag_parser depends on
xmldom 0.8's lenient parsing of cross-nested tags
(<b><i>text</b></i>) — xmldom 0.9 throws on such input. Migrating
docx-mcp's tag_parser to xmldom 0.9 is its own concern; this commit
keeps the 0.9.1 release a pure version bump.

docx-core continues to use xmldom ^0.9.9 (PR #75); the two versions
coexist under their respective package's node_modules. No DOM nodes
cross the docx-core/docx-mcp boundary, so the version split is safe.

Author: stevenobiajulu

gemini-extension.json

@@ -1,6 +1,6 @@
 {
   "name": "safe-docx",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "AI-powered DOCX editing with tracked changes, redlining, and formatting preservation",
   "contextFileName": "GEMINI.md",
   "entrypoint": "GEMINI.md",

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "safe-docx-suite",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "private": true,
   "description": "Monorepo for Safe DOCX packages",
   "repository": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@usejunior/allure-test-factory",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "Shared Allure test helpers for vitest — BDD context, OpenSpec auto-inference, Prism.js highlighting",
   "type": "module",
   "exports": {

packages/allure-test-factory/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@usejunior/docx-core",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "OOXML (.docx) core library: primitives, comparison, and track changes",
   "type": "module",
   "main": "dist/index.js",

packages/docx-core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@usejunior/docx-mcp",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "MCP server for reading, editing, and comparing Word documents with tracked changes. For Claude, Gemini CLI, Cursor, and any MCP client. MIT licensed.",
   "type": "module",
   "main": "dist/index.js",
@@ -26,8 +26,9 @@
     "lint": "tsc -b --pretty false"
   },
   "dependencies": {
-    "@usejunior/docx-core": "^0.9.0",
+    "@usejunior/docx-core": "^0.9.1",
     "@modelcontextprotocol/sdk": "^1.0.0",
+    "@xmldom/xmldom": "^0.8.11",
     "zod": "^4.3.6"
   },
   "devDependencies": {
@@ -53,7 +54,7 @@
     "dist"
   ],
   "peerDependencies": {
-    "@usejunior/google-docs-core": "^0.9.0"
+    "@usejunior/google-docs-core": "^0.9.1"
   },
   "peerDependenciesMeta": {
     "@usejunior/google-docs-core": {

packages/docx-mcp/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@usejunior/google-docs-core",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "Google Docs core library: read, write, and anchor management via Google Docs API",
   "type": "module",
   "main": "dist/index.js",

packages/google-docs-core/package.json

@@ -2,7 +2,7 @@
   "manifest_version": "0.3",
   "name": "safe-docx",
   "display_name": "Safe Docx",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "AI-native Word document editing with stable paragraph anchors and deterministic DOCX operations.",
   "long_description": "Safe Docx lets Claude work directly with .docx files on your local filesystem. It provides stable paragraph IDs (jr_para_*) for precise editing while preserving formatting and structure.\n\nCore capabilities include reading/searching content, formatting-preserving edits and inserts, deterministic layout controls, tracked-changes output, comments, footnote tools, document comparison, and revision extraction.",
   "author": {

packages/safe-docx-mcpb/manifest.json

@@ -1,6 +1,6 @@
 {
   "name": "@usejunior/safedocx-mcpb",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "private": true,
   "description": "Claude Desktop MCP Bundle (.mcpb) wrapper for @usejunior/safe-docx",
   "type": "module",
@@ -14,7 +14,7 @@
     "lint": "tsc --noEmit"
   },
   "dependencies": {
-    "@usejunior/safe-docx": "^0.9.0"
+    "@usejunior/safe-docx": "^0.9.1"
   },
   "devDependencies": {
     "@vitest/runner": "^3.2.4",

packages/safe-docx-mcpb/package.json

@@ -6,7 +6,7 @@
     "serverCard": {
       "serverInfo": {
         "name": "safe-docx",
-        "version": "0.9.0"
+        "version": "0.9.1"
       },
       "tools": [
         {